harmony-dev mailing list archives

From "Geir Magnusson Jr." <g...@pobox.com>
Subject Re: [classlib][security] Changing system property java.home may cause incorrect initialization of java.security.Security class
Date Fri, 24 Nov 2006 13:31:09 GMT
I don't understand.  If I can modify java.home, it means I can control 
any properties the VM comes up with, right?  Isn't java.home set on vm 
start and immutable?

geir


Tim Ellison wrote:
> Alexey Varlamov wrote:
>> Boris, for the security-sensitive applications, there is an appropriate
>> guard in place:
>>
>> public SecurityManager() {
>>     SecurityManager security = System.getSecurityManager();
>>     if (security != null) {
>>         security.checkPermission(RuntimePermission.permissionToCreateSecurityManager);
>>     }
>>     Class<?> type = Security.class; // initialize Security properties
>>     if (type == null) {
>>         throw new AssertionError();
>>     }
>> }
>>
>> I believe this is enough. In fact if the code has enough privileges to
>> modify such principal system properties, there might be even more
>> severe problems...
> 
> I agree.
> 
> Regards,
> Tim
> 
